In the latest weekly update, four ISMG editors discuss how ransomware attacks got worse in 2021, the backlash from privacy experts sparked by the IRS' decision - now changed - to use facial recognition technology on American taxpayers, and why cybersecurity fosters competitive advantage.
The U.S.-China Economic and Security Review Commission on Thursday held a daylong hearing on cybersecurity threats posed by Xi Jinping-led China, including the nation's expansive cyberespionage and disinformation capabilities, along with its technical prowess in cyberwarfare.
What security functions should be kept in house, and which ones should be outsourced? The sands are shifting: the days of a fully in-house security operations center are probably gone now, says Elrich Engel, CISO and director of data and architecture at AMP, an Australian financial services company.
Two recent hacking breaches affecting hundreds of thousands of individuals - one reported by a firm that provides services to health plans and the other by a government contractor - serve as the latest reminders of the risks involving vendors that handle sensitive personal data.
The ability to evade detection by traditional endpoint detection tools, easy availability of valid credentials, access to code vulnerabilities, increased persistence and ease of lateral movement are causing an increasing number of threat actors to choose malware-free options, CrowdStrike says.
In a preliminary report, the European Data Protection Supervisor has urged EU officials to ban the use and deployment of military-grade surveillance products, citing recent findings around the NSO Group's flagship spyware tool, Pegasus.
A consolidated legal case that includes allegations of embezzlement, trade secret theft and intimidation offers an inside look at a complicated and messy alleged insider breach reported last year by a Texas-based accountable care organization.
Things are not always what they seem, says incident response expert Joseph Carson, pointing to a case involving ransomware that infected a company in Ukraine, but for which there was no external attack path. Ultimately, his investigation found that ransomware had been used to hide internal fraud.
The January cyberattack on the International Committee of the Red Cross, which compromised the data of more than 515,000 highly vulnerable people, was specifically targeted at the organization, using code designed for execution on the ICRC servers, according to Director General Robert Mardini.
SecurityScorecard provides analysis of organizational cyber hygiene through a rating system, while LIFARS, a digital forensics firm, has offered witness testimony for major federal cybercrime cases involving nation-state threat actors. CEOs for both firms tell ISMG why their merger is significant.
Reports say that Ukraine's defense ministry and two banks have fallen victim to a cyberattack on Tuesday. This follows what appeared to be mild escalation in the Russia-Ukraine conflict over the weekend, in which top U.S. officials warned that Russia could invade the former Soviet state this week.
By almost every measure, ransomware continues to get worse, not least in the average amount criminals receive when a victim chooses to pay a ransom. So say new reports assessing the volume and severity of ransomware attacks, the flow of cryptocurrency, attackers' target selection and more.
"All too often we hear that our industrial control systems have no security. That's not true," says Kevin Jones, group CISO of Airbus. In fact, he states, "some of these systems have been designed with security encapsulating them and security around them." He discusses enhancing cyber resilience.
On this week's "Sound Off," we ask John Kindervag, the founder of Zero Trust, for his reaction to the recently released Office of Management and Budget federal strategy to move the U.S. government toward a mature Zero Trust architecture.
People think cloud is a silver bullet, but it’s not. It's not even copper. And people think cloud it easy and someone else’s problem. But it's not. The cloud is nothing more than a highly resilient, outsourced data center with a lot of bells and whistles.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.